CVE-2014-3994: XSS Vulnerability in Djblets json_dumps()
The json_dumps template tag in Djblets emits the output of Django's JSON serialization without escaping any characters to make it safe for injecting into HTML. The serializer leaves `<`, `>` and `&` untouched, so an attacker who can supply part of a JSON-serializable object (for example a user-controlled string that ends up in a JSON value rendered into a `<script>` block) can craft a string such as `</script><script>...` that breaks out of the enclosing tag and creates its own, injecting a custom script.
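The following is an added example, not code from Djblets or Review Board. It reproduces the vulnerable pattern with the standard library (`json.dumps` output dropped straight into a `<script>` block) next to a hardened serializer that replaces HTML-significant characters with their JSON `\uXXXX` escapes, which is a standard way to make JSON safe for embedding in script blocks; the function names and the `PAYLOAD` string are constructed for illustration.

```python
import json

# Constructed attacker-controlled value: it closes the surrounding script
# block and opens a new one.
PAYLOAD = '</script><script>alert(1)</script>'


def render_script_block(data):
    """Vulnerable pattern: json.dumps output dropped directly into a <script>
    tag. json.dumps leaves '<', '>' and '&' untouched, so a string containing
    '</script>' terminates the block as far as the HTML parser is concerned."""
    return '<script>var data = %s;</script>' % json.dumps(data)


# HTML-significant characters and their JSON unicode escapes. The browser's
# JSON/JS parser decodes them back to the original characters, but the HTML
# parser never sees a literal '<', '>' or '&'.
_HTML_ESCAPES = {
    '<': '\\u003C',
    '>': '\\u003E',
    '&': '\\u0026',
}


def json_dumps_html_safe(data):
    """Hardened serializer: serialize, then escape HTML-significant characters
    inside the JSON text. The result is still valid JSON for the same value."""
    text = json.dumps(data)
    for ch, esc in _HTML_ESCAPES.items():
        text = text.replace(ch, esc)
    return text


def render_script_block_safe(data):
    """Same embedding as render_script_block, using the hardened serializer."""
    return '<script>var data = %s;</script>' % json_dumps_html_safe(data)


def script_block_count(markup):
    """Crude check for the break-out: a single embedded JSON value should
    yield exactly one closing script tag in the rendered markup."""
    return markup.lower().count('</script>')


def roundtrips(data):
    """The escaped text must decode to the original value."""
    return json.loads(json_dumps_html_safe(data)) == data


if __name__ == '__main__':
    vuln = render_script_block({'name': PAYLOAD})
    safe = render_script_block_safe({'name': PAYLOAD})
    print(vuln)
    print(safe)
    print('vulnerable rendering closes %d script block(s)' % script_block_count(vuln))
    print('hardened rendering closes %d script block(s)' % script_block_count(safe))
```

Escaping on the JSON side rather than HTML-entity-encoding the output is what keeps the data usable: `&lt;` inside a JSON string would reach the script as the literal text `&lt;`, whereas `\u003C` decodes to `<` exactly as the application expects.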